Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label WiFi. Show all posts
Wireless
Cyber Security CyberCrime CyberThreat Public Wifi safeguard TVS VPN WiFi Wireless

Approaches Users Can Implement to Safeguard Wireless Connections

 


The Wi-Fi network is a wireless gateway that connects homes and businesses to the Internet via the air, and it is typically provided by a router, which transmits data signals across the network. Mobile devices, laptops, and tablets can access online services using this signal without the need for physical cables. However, if these networks are not properly protected by passwords, they are vulnerable to unauthorised access.

The internet can be accessed by any device within range, regardless of whether it belongs to the homeowner, a guest, or an unknown third party. While wireless internet has many advantages over the internet, it also presents significant security risks, and wireless internet is no exception. If an insecure network is in place, nearby users might be able to see users' online activities, and this could lead to an exposure of their personal information to unauthorised sources. 

Moreover, when malicious actors exploit open networks to engage in illegal activities, such as spreading spam or accessing prohibited content, they may be held accountable by the network's registered owner. These risks underscore why Wi-Fi connections need to be securely protected with robust protection measures to prevent these threats from occurring. 

Understanding Wi-Fi Technology and Its Security Implications


There is a widespread use of a wireless networking technology called Wi-Fi that allows devices such as smartphones, laptops, tablets, and computers to connect to the internet without using physical cables at all. It is important to understand that wireless routers are currently the most common way that internet connections are made, serving as a central hub for all Wi-Fi-enabled devices within a range to receive internet access.

Despite the popular belief that Wi-Fi is an acronym, the actual term "Wi-Fi" is a trademark created by a marketing firm for commercial purposes to promote wireless network certification standards. Essentially, the principle behind Wi-Fi is that data is transmitted through radio waves in the form of a signal. To minimise network congestion and reduce signal interference, it uses two radio frequency bands — usually 2.4 GHz and 5 GHz — that are divided into channels so that signal interference can be minimised. 

A device that attempts to connect to a wireless network transmits data in binary form (the fundamental language used by computers) by using these radio waves when it attempts to connect. Upon receiving this data, the router relays it through a physical internet connection, such as a broadband cable, which establishes a connection with the online servers. End users can gain seamless access to the web virtually instantaneously, which allows them to access the web seamlessly. 

As much as Wi-Fi is popular, it can also expose a network to potential vulnerabilities, as well as its convenience. The security of unsecured networks and poorly configured networks can lead to unauthorised access, data theft, or surveillance by unauthorised users. If an internet connection extends beyond the boundaries of a property—also known as a "signal footprint"—it becomes available for use by anyone nearby, including potentially malicious individuals. 

Depending on the actor, network traffic may be intercepted, credentials may be captured, or even devices may be taken over if they are connected to the network. Users must manage their Wi-Fi settings and ensure that they are secure to reduce these risks. Several basic practices can be employed to improve digital safety and prevent intrusions, including monitoring connected devices, adjusting router configurations, and minimising signal exposure. 

In the past, home security has always been viewed in terms of physical safeguards like door locks, alarms, and surveillance cameras; however, as everyday life becomes increasingly digital, the protection of a household's online presence has become equally important. The risk of a cyber-attack on a home Wi-Fi network that is not secured poses a serious cybersecurity threat, but it often goes unnoticed. If cybercriminals are not adequately protected, they are capable of exploiting network vulnerabilities to gain unauthorised access.

In these cases, the attacker may install malicious software, intercept confidential information like credit card numbers, or even gain access to live camera feeds that compromise both privacy and safety. In extreme cases, attackers may install malicious software, intercept credit card information, or even hijack connected devices. To mitigate these risks, it is crucial to strengthen the security of users' home Wi-Fi networks. 

As a result of a properly secured network, users reduce the possibility of unauthorised access, prevent sensitive data from being exploited, and act as a barrier against hackers. As well as protecting the homeowner's digital footprint, it ensures that only trusted users and devices can access the internet, thus preserving speed and bandwidth and protecting the homeowner's digital footprint. 

In today's connected world, robust Wi-Fi security is no longer optional—it is now an integral part of modern home security.

Configuring a Wi-Fi network to maximise security is an essential step. 


It is important to remember that in addition to adopting general security habits, configuring the router correctly is also an important part of maintaining a reliable and secure wireless network. Numerous key measures are often overlooked by users but are essential in preventing unauthorised access to personal data. 

Set up strong network encryption. 


To keep Wi-Fi communication secure, all modern routers should support WPA3 Personal, which is the industry standard that offers enhanced protection from brute force attacks and unauthorised interceptions. When this standard is not available, there is always the possibility of using WPA2 Personal, which is a strong alternative to WPA3. In the case of older routers, users who have not updated their firmware or have not replaced their router hardware should take note that outdated protocols like WEP and WPA are no longer enough to provide safe and secure connections. 

Change the default router credentials immediately. 


The router manufacturer usually assigns a default username, password, and network name (SSID) to its routers, which information is widely available online, and which can be easily exploited. By replacing these default credentials with unique, complex ones, unauthorised access risk is significantly reduced. In addition to the password used by devices to connect to the Wi-Fi network, the router's administrative password is used to manage the router's settings.

Maintain an up-to-date firmware.


Keeping the router software or firmware up-to-date is one of the most important aspects of keeping it secure. If users intend to configure a new router or make changes, they should visit the manufacturer's website to verify the latest firmware version. 

When users register their routers with the manufacturer and choose to receive updates, they are assured to be informed about critical patches promptly. Users of routers provided by Internet Service Providers (ISPS) should verify whether the updates are automatically handled or if they need to be manually performed. 

Disable High-Risk Features by Default 


There is no denying that certain convenience features, such as Remote Management, Wi-Fi Protected Setup (WPS), and Universal Plug and Play (UPnP), can introduce security weaknesses. Though they simplify the process of connecting devices to a network, they are vulnerable to malicious actors if left active for extended periods. To minimise the potential for attack surfaces, these functions should be disabled during initial setup. 

Establish a Segmented Guest Network


The guest network is a unique way of enabling visitors to use the internet without gaining access to the main network or its connected devices by creating a separate guest network. This segmentation minimises the chance that a guest device could be compromised unintentionally by malware or spyware. Assigning a separate network name and password to the guest network reinforces this layer of isolation, so the guest network doesn't get compromised by the main network. 

The administrator should log out and lock down access to the system.


To prevent unauthorised changes to users' router settings, it is important to log out of the administrative interface after they have configured it. Leaving the administrative interface logged in increases the probability of accidental or malicious changes being made. There are other measures in place to protect their router. 

Turn on the router's built-in firewall.


In most modern routers, a built-in firewall prevents malicious traffic from reaching connected devices, as it filters suspicious traffic before it reaching the device. A router’s firewall can provide additional protection against malware infections, intrusion attempts, and other cyber threats. Users need to verify that the firewall is active in the router’s settings. 

Keep all connected devices secure.

A network's security is just one part of the equation. All connected devices, including laptops, smartphones, smart TVS, and Internet of Things appliances, should be updated with the latest software and protected by anti-virus or anti-malware software. In most cases, an intruder can gain access to a larger network using a compromised device. 

With a blurring of the lines between the physical and digital worlds and the ongoing blurring of the boundaries in which they exist, protecting users' home or office Wi-Fi network has become not just an issue of convenience but a necessity as well. Cybersecurity threats are on the rise, often targeting vulnerabilities within household networks that have been overlooked. 

As a precautionary measure to protect personal data, maintain control over bandwidth, and maintain digital privacy, users need to take a proactive, layered approach to wireless security, so that they can protect themselves against unauthorised access. As well as updating firmware, restricting access, monitoring device activity, and disabling exploitable features, it is crucial that users go beyond default settings. 

Users can create a resilient digital environment by treating Wi-Fi networks in the same manner as physical home security systems do—one that is resistant to intrusion, protects sensitive information, and guarantees uninterrupted, safe connectivity. By doing this, users can build a resilient digital environment. When it comes to protecting themselves against emerging cyber threats, it remains paramount to stay informed and vigilant about the latest developments in technology.
Read more »
WiFi
Cyber Threats Encryption Online Security Privacy WiFi

How Ignoring These Wi-Fi Settings Can Leave You Vulnerable to Hackers

 

In today's plugged-in world, most of us rely on the Internet for nearly everything from shopping and banking to communicating with family members. Whereas increasing reliance on the internet has exposed opportunities for doing just about anything remotely, it also increases the chances that cyber thieves will target your home Wi-Fi network looking for a weak point to pry into. Thus, securing your home network is critical to your own privacy.

The Importance of Router Settings

But for privacy lawyer Alysa Hutnik, the most common mistake isn't what people do but rather what they don't: namely, change the default settings on their Wi-Fi routers. The default settings on every router are public knowledge, and that's how hackers get in. "You wouldn't leave your front door open," she points out-a failure to alter these default settings is a little different from that.

The very first thing in securing your Wi-Fi network is changing the default password to something strong and unique. This would reduce the chances of unauthorised access significantly. You may also want to take a look at all the other configurations you can make on your router to optimise security features.

Encryption: Protecting Your Data

Another thing you should do to secure your home network is to enable encryption. Most of the current routers do offer some form of encryption options, like WPA (Wi-Fi Protected Access). This encrypts information in such a way that while travelling over your network, it makes hacking even more inconvenient to intercept. If you have not enabled the encryption on your router then it's pretty much the same as leaving personal information lying around open for everyone to grab. A check on your settings and enabling the WPA encryption adds the much-needed layer of defence.

Check Security Settings on All Devices

Securing your home network doesn't stop at the router. Any device that connects to your Wi-Fi should have its privacy and security settings properly enabled as well. Hutnik says that whenever you bring home a new device, a new phone, smart speaker, or laptop, it takes a few minutes to read through the options for privacy and security settings. Many devices have configurations not optimised for security by default. Usually, those configurations can be customised in a minute or two.

Quick Easy-to-Follow Steps to Mitigate Risk

Beyond the configuration of your network and devices, Hutnik calls you to take a few extra precautionary actions regarding your privacy. One such action is sticking tape on your webcam when you are not using it. There is always the prospect of hackers taking control of your camera through malware, so spying on you. As simple as placing a sticker or a Post-it note on your webcam might give you relief over it.

Sure enough, these measures won't protect you from cyber-attacks right and left, but they certainly reduce the risk. The more of our lives we put online, the more important it becomes that we take time to harden our home networks and equipment.

Stay Vigilant and Stay Protected

This will help protect you more from hackers and other online threats: understanding home network vulnerabilities and taking preventive actions about routers, using encryption, and checking your devices' settings. It involves the little things like covering your webcam and thereby trying to ensure that these little habits make you a safer human being on the internet.


Take small steps in securing your home network to avoid many future headaches and ensure that your personal info does not end up in cyber-criminals' pockets.


Read more »
WiFi
Bank Security Cyber Attacks Hacker Personal Data WiFi

5 Signs Your Wi-Fi Has Been Hacked: Protect Your Bank Details

5 Signs Your Wi-Fi Has Been Hacked: Protect Your Bank Details

The tech company Aura sent its experts to investigate the telltale indicators that cybercriminals have overcome your wi-fi. A hacker can access all of your sensitive information through your wifi in a number of methods, and it's far easier to detect than you might believe.

In the event that this occurs, outsiders will have access to your bank account information and other private information. They may even be able to listen in on your private discussions with loved ones, parents, or other family members.

However, you can tell if your wifi has been hacked or not by looking for these five indicators:

1. Reduced internet speed

If your internet provider is normally trouble-free, an abrupt and unusual slowdown in your access to the internet may indicate that hackers have attacked your router.

2. Finding strange devices or IP addresses

Unknown gadgets, sometimes known as rogue devices, may indicate that hackers are trying to access private data from your router.

If you see this, you need to check if any unidentified devices are included in the list of connected devices by logging in to your router's IP address, which is typically found on the router itself.

3. Suddenly, the Wi-Fi password has changed

Should this occur without warning, there may be a connection to hacker activity.

You won't be able to access the router and resolve the problem on your own because these annoying hackers typically alter your login credentials after they have access.

4. Unknown or new software installed on your devices

If you notice any strange new software on your device, it can be a sign that hackers have been targeting your network and maybe installing malware.

5. Strange activities on your web browser

You will almost certainly notice this: if your browser starts directing you to strange websites, it's possible that hackers have altered your DNS settings. You may also notice things like ransomware messages appearing that purport to have sensitive data or photos, suggesting that hackers may have gained access to your router.

Fake purchasers will often contact real sellers of goods and appear to be interested in making a purchase in an attempt to obtain your private information.

The scammer would then lie and claim to have transferred monies that are only available through a dubious link, so the transaction never actually happens.

Usually, the link is a phishing one, where the seller enters their bank card information thinking they will get money, but inadvertently allows their account to be drained. There are, nevertheless, safety measures you can do. Downloading antivirus software would help prevent those hackers from getting near you.

Read more »
Wifi vulnerability
Cyber Security Hacking Risk Information Security Public Wifi VPN WiFi Wifi vulnerability

Hidden Dangers of Public Wi-Fi: What A Traveler Needs To Know

 

Public Wi-Fi networks have become ubiquitous in our modern world, offering convenience and connectivity to travellers and commuters alike. However, beneath the surface lies a web of hidden dangers that could compromise your privacy and security. As an expert in cybersecurity, it's crucial to shed light on these risks and provide travellers with the knowledge they need to protect themselves in an increasingly connected world. 

One of the most significant dangers of connecting to public Wi-Fi is the risk of falling victim to a cyberattack. These networks are often unsecured, making it easy for hackers to intercept sensitive information transmitted over them. From passwords to financial data, travellers risk exposing their most personal information to prying eyes. Another hidden danger of public Wi-Fi is the prevalence of rogue hotspots. 

These malicious networks are designed to mimic legitimate Wi-Fi networks, tricking unsuspecting users into connecting to them. Once connected, hackers can launch various attacks, from phishing scams to malware downloads, putting travellers' devices and data at risk. Furthermore, public Wi-Fi networks are often monitored by cybercriminals looking to steal valuable information from unsuspecting users. 

By intercepting unencrypted data packets, hackers can gain access to usernames, passwords, and other sensitive information, leaving travellers vulnerable to identity theft and fraud. To mitigate the risks associated with public Wi-Fi, travellers should take proactive measures to protect themselves and their data. One of the most effective ways to stay safe is to avoid connecting to public Wi-Fi networks altogether, especially when handling sensitive information such as online banking or email access. 

If connecting to public Wi-Fi is unavoidable, travellers should use a virtual private network (VPN) to encrypt their internet traffic and protect their data from prying eyes. Additionally, travellers should enable two-factor authentication on all their accounts to add an extra layer of security against unauthorized access. It's also essential for travellers to keep their devices and software up-to-date with the latest security patches and updates. 

By regularly updating their devices, travellers can patch known vulnerabilities and reduce the risk of falling victim to cyberattacks. In conclusion, while public Wi-Fi networks offer convenience and connectivity to travellers, they also pose significant risks to privacy and security. By staying vigilant and taking proactive measures to protect themselves and their data, travellers can minimize the hidden dangers of public Wi-Fi and enjoy a safer and more secure travel experience.
Read more »
WiFi
Consumer Geofencing Mobile Security Technology WiFi

Geofencing: A Tech Set to Transform the Consumer Landscape?

Geofencing

One technological advancement that is subtly changing the marketing and customer engagement scene is Geofencing. It effortlessly connects your device to companies and services by drawing virtual borders around real-world locations. As soon as you cross these lines, you get relevant messages that are tailored to your area, including discounts, event reminders, or special offers.

Even if this technology helps some industries more than others, it poses serious privacy issues because it tracks your whereabouts and may generate issues with consent and data protection.

Let's examine the workings of this technology, consider how important your mobile device is to this procedure, and consider the privacy issues in more detail.

Geofencing: What is it?

Digital technology known as "geofencing" creates imaginary borders around a predetermined region. It's similar to encircling a location, such as a park, coffee shop, or neighborhood, with an invisible fence on a map.

As people enter or leave these designated regions, this equipment keeps an eye on gadgets like cell phones that depend on GPS, WiFi, or cellular data. Additionally, it monitors the movement of radio-frequency identification (RFID) tags—compact devices that wirelessly transmit data, similar to contactless vehicle keys—across these virtual boundaries.

How does Geofencing work?

1. Specifying the Geofence: To establish a geofence around their store, a retailer first chooses a location and then enters geographic coordinates into software to create an invisible boundary.

This could cover the immediate vicinity of the store or cover a broader neighborhood, establishing the context for the activation of particular digital activities.

2. Granting Access to Location Data: For geofencing to function, users must allow location access on their cell phones. With this authorization, the device can use:

  • GPS for accurate location monitoring
  • WiFi uses neighboring networks to estimate closeness
  • Cellular data uses cell towers to triangulate the device's location

These permissions guarantee that the device's position can be precisely detected by the system. (We'll talk about the privacy issues this has raised later.)

3. Getting in or out of the fence: The geofencing system tracks a customer's smartphone location in the geofenced geographical area as they get closer to the store. When a consumer enters this region, the system is triggered to identify their entry based on the GPS data that their smartphone continuously provides.

4. Setting Off an Event: A predetermined action, such as delivering a push notification to the customer's smartphone, is triggered by this entry into the geofence.

The action in this retail scenario could be a notification with a marketing message or a unique discount offer meant to entice the customer by offering something of value when they are close to the business.

5. Carrying Out the Response: The customer knows a promotion or discount has been sent straight to their smartphone with a notice that appears on their device.

The customer's experience can be greatly improved by this prompt and location-specific interaction, which may result in more people visiting the store and a greater rate of sales conversion.

Industries where Geofencing is used

  1. Child Safety and Elderly Care
  2. Workforce Management
  3. Smart Home Automation
  4. Transport and Logistics

Future and Geofencing

Geofencing technology is anticipated to undergo a substantial transformation in 2024 and beyond, mostly because of the progress made in IoT (Internet of Things) technology. IoT encompasses physical objects, automobiles, household appliances, and other products that are integrated with sensors, software, electronics, and communication.

Read more »
WiFi
Gadgets Hacking devices OMG cables Security Technology USB Nugget WiFi

Is Your Gadget Secretly a Security Risk?

 


In our digital world where everything connects, keeping our devices safe is like building a strong fortress. We all know the basics – use strong passwords and be careful with downloads. But there's a hidden world of dangers that doesn't shout for attention. These dangers hide in plain sight, disguised as everyday gadgets we use. Imagine them as silent troublemakers wearing innocent masks. Today, we're going to see right through this world and discover the not-so-friendly surprises behind the gadgets we thought were harmless. 

1. Flipper Zero

Disguised as an innocent child's toy, the Flipper Zero, with a price tag of $169, extends its capabilities far beyond its facade. This unassuming gadget boasts an impressive array of features, including the ability to clone RFID cards, control infrared devices, and even masquerade as a keyboard. Posing as a harmless plaything, it is equipped to send commands to connected computers or smartphones, showcasing its multifunctional yet discreet nature.

2. O.M.G Cables

Operating undercover as regular charging cables, O.MG cables reveal a hidden computer with malicious intent upon connection. These covert keyboards, camouflaged as everyday charging accessories, can stealthily pilfer Wi-Fi passwords, copy files, and execute various other malicious actions. The elite version takes deception to the next level by connecting to Wi-Fi, triggering remotely, and even self-destructing to erase any traces of its surreptitious activities.

3. USBKill

Presented as innocent USB flash drives, USBKill devices harbour the potential for disruptive electrical charges when connected to any unsuspecting device. Whether triggered by a button, Bluetooth, timed attack, or a covert magnetic ring, these seemingly harmless gadgets underscore the inherent risks associated with indiscriminately connecting unknown USB devices. Laptops, PCs, smartphones – no device is immune to their potentially destructive capabilities.

4. USB Nugget

Beyond its charming exterior resembling a kitty, the USB Nugget harbours a darker secret – the potential to drop malicious payloads onto any unsuspecting connected device. This seemingly innocent and adorable gadget serves as a stark reminder of how even the simplest-looking devices can conceal formidable threats, highlighting the need for cautiousness when dealing with seemingly harmless peripherals.

5. Wi-Fi Pineapple

The Wi-Fi Pineapple, presenting itself as a futuristic router, transcends its appearance, concealing sophisticated capabilities that can significantly compromise wireless networks. This discreet platform for wireless network attacks can create rogue access points, monitor data from nearby devices, and capture Wi-Fi handshakes. Its unassuming guise masks the potent yet discreet threats that exist in the technical world. 

6. USB Rubber Ducky

Camouflaged as a standard flash drive, the USB Rubber Ducky assumes the role of a covert typist, emulating human keystrokes into connected devices. Its discreet nature allows it to remain undetected for extended periods, emphasising the imperative need for caution when plugging in unknown devices.

7. LAN Turtle

It appears as a generic USB ethernet adapter, the LAN Turtle conceals powerful tools for network surveillance. With features such as network scanning, DNS spoofing, and alerts for specific network traffic, it operates discreetly, potentially eluding detection for extended periods. This unassuming device highlights the subtle yet potent threats associated with covert network monitoring.

8. O.MG Unblocker

Presenting itself as a data blocker, the O.MG Unblocker not only fails to fulfil its supposed function but also acts as an O.MG cable, enabling data theft or the delivery of malicious payloads. This deceptive device surfaces the importance of vigilance in an era where even seemingly protective accessories may harbour hidden dangers.

And that's the lowdown on our everyday gadgets – they might seem all harmless and friendly, but who knew they could have a mischievous side? So, the next time you plug in a cable or connect a device, remember, it could be up to something more than meets the eye. Stay cautious. 

Read more »
WiFi
Airport Security Cyber Security Hackers IT Network Public Network security measures Sensitive Information VPN WiFi

Navigating the Risks: Is Airport Wi-Fi Safe for Travelers?

Airport Wi-Fi has become a need for travelers in a time when keeping connected is crucial. It acts as a lifeline for anything from last-minute travel adjustments to professional correspondence. However, worries about its security have led some people to wonder whether utilizing public networks comes with any inherent risks.

According to a report by Explore.com, accessing airport Wi-Fi networks might not be as secure as one would hope. The convenience it offers often comes at the cost of compromised cybersecurity. Cybercriminals can exploit vulnerabilities in these networks, potentially gaining access to sensitive information.

Aura, a cybersecurity company, emphasizes that travelers should exercise caution when connecting to airport Wi-Fi. "Public networks are prime targets for cyberattacks. It's like leaving your front door unlocked in a high-crime area," warns their security expert. Hackers can employ various techniques, such as "Man-in-the-Middle" attacks, to intercept data transmitted over these networks.

MarketSplash echoes these concerns, urging travelers to take proactive measures. Using a Virtual Private Network (VPN) is one of the most effective ways to secure online activities. A VPN creates a secure tunnel between the device and the internet, encrypting data and making it significantly harder for cybercriminals to intercept.

Additionally, it's advised to avoid accessing sensitive information, like banking accounts or private emails, while on public Wi-Fi. Instead, it's safer to use cellular data or wait until connecting to a trusted network.

While these warnings might sound alarming, it's important to note that not all airport Wi-Fi networks are equally risky. Some airports invest heavily in cybersecurity measures, offering safer browsing experiences. As a rule of thumb, using well-known airports and verifying the network's legitimacy can reduce risks.

Airport Wi-Fi is a useful tool for travelers, but it's important to be aware of any security hazards. One can find a balance between staying connected and remaining secure by taking steps like using a VPN and avoiding important tasks on public networks. Better safe than sorry, as the saying goes. Travelers can avoid future hassles by making a minor investment in cybersecurity.
Read more »
WiFi
Kaspersky Phishing Attacks User Privacy VPN Vulnerabilities and Exploits. WiFi

The Safety of VPN Use: A Closer Look

The usage of Virtual Private Networks (VPNs) has experienced an unprecedented surge in recent years, as individuals and organizations seek enhanced online privacy and security. However, amidst this widespread adoption of VPNs, it is crucial to question whether users are truly safeguarded in their digital endeavors. 

According to a recent report by Cybersecurity Insiders and Zscaler, VPN usage has reached an all-time high, with 78% of organizations employing VPN services to safeguard their network traffic. Additionally, a study conducted by Security.org revealed that 30% of internet users globally rely on VPNs for various purposes, including bypassing geo-restrictions, securing public Wi-Fi connections, and shielding their digital footprints from prying eyes.

While VPNs offer several benefits, such as encryption and anonymity, it is crucial to understand that not all VPNs are created equal. Some low-quality or free VPN services may pose significant risks to users' online safety. Dr. Max Vetter, Chief Cyber Officer at Immersive Labs, emphasizes this concern, stating, "A VPN is only as secure as its provider. Users must exercise caution when selecting a VPN service, as not all providers prioritize security and privacy."

In the pursuit of privacy and security, users often overlook the fact that their VPN provider may still have access to their online activities. Some VPN companies log user data, including browsing history and connection timestamps, raising concerns about privacy breaches. To ensure maximum protection, it is essential to choose a reputable VPN service that follows a strict no-logging policy.

Moreover, a VPN cannot shield users from all threats. It encrypts internet traffic and masks IP addresses, making it difficult for hackers or cybercriminals to intercept data. However, users must remain vigilant against other online risks, such as phishing attacks, malware, and social engineering. As Denis Legezo, Security Expert at Kaspersky, advises, "VPNs are not a panacea. They must be used in conjunction with other cybersecurity measures to ensure comprehensive protection."

It is worth noting that VPNs are not immune to vulnerabilities themselves. A recent industry report by Zscaler highlights that 91% of VPN services exhibit at least one potential security vulnerability. These vulnerabilities range from outdated protocols to weak encryption standards, putting users at risk. Regularly updating VPN software and opting for services with robust security protocols are essential steps in mitigating such vulnerabilities.
Read more »
WiFi
Cyber Security Data Network Security Safety WiFi

How to Prevent Home Network Hackers? Here's all you Need to Know

 

Your home Wi-Fi network may not be as secure as you believe. Internet crime costed Americans more than $6.9 billion in 2021. Personal data breaches were also significant, in addition to phishing and scams. Many personal data breaches could have been avoided with a little home network security. The average household in the United States has more than ten devices connected to its home Wi-Fi network. 

The number of devices ranging from laptops and tablets to phones, smartwatches, and streaming devices can quickly grow, and each is potentially vulnerable to hacking. With so much data stored on those devices – credit card numbers, bank records, login credentials, and other personal and private information – you want to make sure you're protected from hackers if your network is compromised.

A secure home network minimizes the risk of being hacked and having someone gain access to sensitive information. Furthermore, it will keep unwanted or unauthorized users and devices from slowing down your connection or freeloading on the internet service you pay for.

How to Protect Your Home WiFi Network

Here are the fundamentals for safeguarding your home Wi-Fi network. 

1. Make a strong Wi-Fi password and change it frequently.
It is critical to creating a unique password for your Wi-Fi network in order to maintain a secure connection. Avoid passwords or phrases that are easily guessed, such as someone's name, birthday, phone number, or other common information. Simple Wi-Fi passwords are easy to remember, but they are also easy for others to figure out

2. Activate the firewall and Wi-Fi encryption.
Most routers include a firewall to prevent outside hacking and Wi-Fi encryption to prevent eavesdropping on data sent between your router and connected devices. Both are usually turned on by default, but you should double-check to make sure.

Now that you know how to access your router's settings, double-check that the firewall and Wi-Fi encryption are turned on. Turn them on if they're turned off for any reason. Your network security will appreciate it.

3. Turn off remote router access.
Anyone who is not directly connected to your Wi-Fi network can access the router settings via remote router access. There should be no reason to enable remote access unless you need to access your router while away from home (for example, to check or change the configuration of a child's connected device).

Remote access can be disabled in the router's admin settings. Disabling remote router access may not be the default, unlike other security measures.

While, even with the most up-to-date and effective methods of protecting your home network, security is never guaranteed. Hackers and cybercriminals will find ways to exploit the internet as long as it exists. However, by following the tips above, you can better protect your network from anyone attempting to use your connection or access your data.

Read more »
WiFi
Android DNS Flaw Domain malware Threat actor WiFi

 Roaming Mantis Virus Features DNS Setups


Malicious actors linked to the Roaming Mantis attack group were seen distributing an updated variation of their patented mobile malware called Wroba to compromise Wi-Fi routers and perform Domain Name System (DNS) theft.

Kaspersky found that the threat actor behind Roaming Mantis only targets routers made by a well-known South Korean network equipment manufacturer that is situated in that country.

Researchers have been tracking the Roaming Mantis malware distribution and credential theft campaign since September 2022. This malware uses an updated version of the Android malware Wroba. o/XLoader to identify susceptible WiFi routers based on its model and modify their DNS.

All Android devices connected to the WiFi network will now experience a redirect to the malicious landing page and a request to install the malware as a result of the router's DNS settings having been altered. Consequently, there is a steady flow of infected devices that can penetrate secure WiFi routers on national public networks that serve a huge number of users.

The attacks use smishing messages as their primary intrusion vector to deliver a booby-trapped URL that, depending on the mobile device's operating system, either provides a malicious APK or directs the user to phishing URLs.

Even though there are no landing pages for American targets and Roaming Mantis does not seem to be specifically targeting American router models, Kaspersky's telemetry reveals that 10% of all XLoader victims are in the United States.

Additionally, the feature was set up to primarily target WiFi routers in South Korea, according to security researchers. Roaming Mantis victims have also been spotted in France, Japan, Germany, the US, Taiwan, Turkey, and other countries.

Kaspersky experts advise consulting one's router's user manual to ensure that its DNS settings have not been modified or contacting your ISP for assistance to safeguard the internet connection from such a virus. Furthermore, updating your router's firmware regularly from the official source is advised, as is changing the router's default login and password for the admin web interface. Avoid using a third-party repository and do not install router firmware from outside sources.
Read more »
WiFi
Cyber Security IP Address Public Network User Privacy VPN WiFi

When Using Open Wi-Fi, Users Don't Employ a VPN

A VPN is a software program that masks the actual IP address and encrypts all data leaving any device. 
Using a VPN, enables users to connect to a secure network via a public network and transport all of the data into an encrypted channel, safeguarding their online activity. 

The user's authentic IP address is concealed and next-generation encryption is used to mask user activities when the web server is redirected via another private internet server.

The likelihood of connecting to free public Wi-Fi to stream a network, watch YouTube videos, or browse through social media feeds increases as a result. This is where one of the finest VPN services is useful and essential throughout the holiday season. 

A recent poll reveals that when connecting to a risky Wi-Fi, the majority of users continue to refrain from using such protection software. 

Business VPNs were not required in the past when cybersecurity experts were in high demand. To safeguard online activity in the present digital environment, each user must use a secure VPN. However, for individuals who frequently connect to open internet hotspots, it is all the more important. It appears that a majority of us still do not adhere to this crucial privacy-friendly habit, which is a concern.

More than 56% of participants in a recent survey of 1,000 American users aged 18 and older who use public Wi-Fi claimed they were not using a VPN. And to make matters harder, 41% do not use any encryption software at all.

The top travel hazards to be aware of this festive season have been compiled by cybersecurity company Lookout, which also makes antivirus software like Lookout Security and other security, privacy, and identity theft detection solutions.

Some of the key guidelines are as followed:
  • Stay aware of insecure Wi-Fi networks because hackers may conceal themselves behind a similar deceptive network to deceive careless passengers and steal their login information. 
  • Using USB charging outlets in public places can be risky.
  • Do not fall for travel-related phishing schemes, hackers may also attempt to con users using these scams.

Reliable VPN services are of utmost importance for browsing the web securely in any situation and avoiding prying governments and nefarious individuals from getting access to user data. 
 


Read more »
WiFi
Airline airline industry CVE CVE vulnerability Exploit Security Flaws Vulnerabilities and Exploits WiFi

Major Vulnerabilities Found in Wireless LAN Devices in Airlines

The two major vulnerabilities were found in the series of the flexlan, a LAN device providing internet services in airlines. The Necrum security labs’ researchers Samy Younsi and Thomas Knudsen, initiated the research which led to tracking two critical vulnerabilities which were identified as CVE-2022-36158 and CVE-2022-36159. 

The vulnerabilities were detected in the Flexlan series named FXA3000 and FXA2000 and have been associated with a Japan-based firm known as Contec. 
 
The researchers said while considering the first vulnerability, that during the execution of reverse engineering on firmware, we found a hidden web page, which was not entailed in the list of wireless LAN manager interfaces. They also added that it simplifies the enforcement of the Linux command over the device with root privileges. The researchers mentioned that the first vulnerability gave access to all the system files along with the telnet port which allows to access the whole device.   
 
Regarding the second vulnerability, the researchers said, it makes use of hard-coded, weak cryptographic keys and backdoor accounts. While carrying out the research, the researchers were also able to recover and get access to a shadow file within a few minutes with the help of a brute-force attack. The file contained the hash of two users including root and users. 
 
The researchers explained the issue that the device owner is only able to change the password from the interface of the web admin as the root account is reserved for maintenance purposes by Contec. This allows the attacker with a root hard-coded password able to access all Flexlan FXA2000 and FXA3000 series effortlessly. 
 
With respect to the solutions, researchers emphasized the importance of mentioned to maintaining cyber security, with regard to the first Vulnerability. They said, “the hidden engineering web pages should be removed from all unfortified devices. As weak passwords make access easier for cyber attackers.” For the second vulnerability, the advisory commented, “the company should create new strong passwords, for every single device with the manufacturing process."
Read more »
WiFi
Data Breach Data Leak Data Privacy User Data User Privacy VPN WiFi

Researchers: Wi-Fi Probe Requests Leak User Data

 

A team of academic researchers from the University of Hamburg in Germany discovered that Wi-Fi investigation requests from mobile devices expose identifiable information about their owners via Wi-Fi investigation requests. 

When a probe response is received, mobile devices use it to obtain information about nearby Wi-Fi access points and connect to them. According to the researchers, attackers who can sniff network traffic can use these probing requests to monitor and identify devices, as well as determine their position. 

According to them, nearly a quarter of probe requests contain the Service Set Identifiers (SSIDs) of previously connected networks, which might be exploited to expose home addresses or visited places. Furthermore, the researchers highlight that the probe requests may be used to trilaterate the position of a device with an accuracy of up to 1.5 metres or to "trace the movement of a device to effectively monitor its owner.

“This is in fact employed in 23% of the stores already. Companies and cities that conduct Wi-Fi tracking take the legal position that only the MAC address contained in probe requests is considered personal data according to GDPR Article 4(1), which protects personal data from unlawful collection and processing,” the researchers stated in their paper. 

Experiment findings:

According to the academics, information gathered during a November 2021 experiment focusing on the analysis of probe requests should be sufficient to deem these queries personal data, based only on SSIDs recorded in the devices' preferred network lists (PNLs). 

As part of the trial, the researchers travelled to a pedestrian area in a German city and recorded probe requests three times in one hour using six off-the-shelf antennas. SSIDs were found in 23.2 per cent of the 252,242 total requests. 

The researchers also determined that some of the submitted probe requests with SSIDs revealed password data and that around 20% of the transmitted SSIDs were likely typos of the genuine SSID. The probe requests also revealed 106 separate first and/or last names, three email addresses, the SSIDs of 92 distinct vacation houses or lodgings, and the name of a nearby hospital. 

The academics claim that they ran all SSIDs using WiGLE's geolocation lookup API, which allowed them to determine the actual networks' locations within a 1-kilometre radius. 

The researchers added, “Considering the wealth of personal and sensitive information we observed in SSID fields, they can constitute identifying information and thus require due consideration. We argue that at least for as long as there are still devices broadcasting SSIDs, probe requests should be considered personal data and not be used for monitoring without legal basis.” 
 
Read more »
WiFi
Android devices Bluetooth Bugs Fingerprints Flaws Research Vulnerabilities and Exploits WiFi

Hardware Bugs Provide Bluetooth Chipsets Unique Traceable Fingerprints

 

A recent study from the University of California, San Diego, has proven for the first time that Bluetooth signals may be fingerprinted to track devices (and therefore, individuals). At its root, the identification is based on flaws in the Bluetooth chipset hardware established during the manufacturing process, leading to a "unique physical-layer fingerprint."

The researchers said in a new paper titled "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices, "To perform a physical-layer fingerprinting attack, the attacker must be equipped with a Software Defined Radio sniffer: a radio receiver capable of recording raw IQ radio signals." 

The assault is made feasible by the pervasiveness of Bluetooth Low Energy (BLE) beacons, which are constantly delivered by current smartphones to allow critical tasks such as contact tracking during public health situations. 

The hardware flaws come from the fact that both Wi-Fi and BLE components are frequently incorporated into a specialised "combo chip," effectively subjecting Bluetooth to the same set of metrics that may be utilized to uniquely fingerprint Wi-Fi devices: carrier frequency offset and IQ imbalance. 

Fingerprinting and monitoring a device, therefore, includes calculating the Mahalanobis distance for each packet to ascertain how similar the characteristics of the new packet are to its previously registered hardware defect fingerprint. 

"Also, since BLE devices have temporarily stable identifiers in their packets [i.e., MAC address], we can identify a device based on the average over multiple packets, increasing identification accuracy," the researchers stated. 

However, carrying out such an attack in an adversarial situation has numerous obstacles, the most significant of which is that the ability to uniquely identify a device is dependent on the BLE chipset employed as well as the chipsets of other devices in close physical distance to the target. Other key aspects that may influence the readings include device temperature, variations in BLE transmit power between iPhone and Android devices, and the quality of the sniffer radio utilised by the malicious actor to carry out the fingerprinting assaults. 

The researchers concluded, "By evaluating the practicality of this attack in the field, particularly in busy settings such as coffee shops, we found that certain devices have unique fingerprints, and therefore are particularly vulnerable to tracking attacks, others have common fingerprints, they will often be misidentified. BLE does present a location tracking threat for mobile devices. However, an attacker's ability to track a particular target is essentially a matter of luck."
Read more »
WiFi
Bugs DoS Firewall Flaws VPN Vulnerabilities and Exploits WiFi

Several Palo Alto Devices Affected by OpenSSL Flaw

 

In April 2022, Palo Alto Networks aims to patch the CVE-2022-0778 OpenSSL flaw in several of its firewall, VPN, and XDR devices. 

OpenSSL published fixes in mid-March to address a high-severity denial-of-service (DoS) vulnerability impacting the BN mod sqrt() function used in certificate parsing, which is tracked as CVE-2022-0778. Tavis Ormandy, a well-known Google Project Zero researcher, uncovered the issue. An attacker can exploit the flaw by creating a certificate with invalid explicit curve parameters. 

The advisory for this flaw read, “The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.” 

“It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters.” 

The bug affects OpenSSL versions 1.0.2, 1.1.1, and 3.0, and the project's maintainers fixed it with the release of versions 1.0.2zd (for premium support customers), 1.1.1n, and 3.0.2. When parsing an invalid certificate, an attacker can cause the OpenSSL library to enter an infinite loop, resulting in a DoS condition, according to Palo Alto Networks. 

“All PAN-OS software updates for this issue are expected to be released in April 2022. The full fixed versions for PAN-OS hotfixes will be updated in this advisory as soon as they are available.” as per Palo Alto Network. 

During the week of April 18, the company is expected to provide security remedies for the above vulnerability. PAN-OS, GlobalProtect app, and Cortex XDR agent software, according to Palo Alto, have a faulty version of the OpenSSL library, whereas Prisma Cloud and Cortex XSOAR solutions are unaffected. 

“We intend to fix this issue in the following releases: PAN-OS 8.1.23, PAN-OS 9.0.16-hf, PAN-OS 9.1.13-hf, PAN-OS 10.0.10, PAN-OS 10.1.5-hf, PAN-OS 10.2.1, and all later PAN-OS versions. These updates are expected to be available during the week of April 18, 2022.” continues the advisory. 

Customers with Threat Prevention subscriptions can enable Threat IDs 92409 and 92411 to limit the risk of exploitation for this issue while waiting for PAN-OS security upgrades, according to the company.
Read more »
WiFi
Leak MENA Privacy User Data User Privacy User Security WiFi

Hotel WiFi Across MENA Compromised, Private Information Leaked

 

Etizaz Mohsin, a Pakistani cybersecurity researcher, was in a hotel room in Qatar when he accidentally discovered a technical vulnerability in the company's internet infrastructure, compromising the personal information of hundreds of hotels and millions of tourists worldwide. 

Mohsin explained, “I discovered that there is an rsync [file synchronisation tool] service running on the device that allows me to dump the device’s files to my own computer. I was able to gain access to all other hotels’ sensitive information that was being stored on the FTP [file transfer protocol] server for backup purposes.” 

He was able to get network configurations for 629 significant hotels in 40 countries, as well as millions of customers' personal information, such as room numbers, emails, and check-in and check-out dates. Information from major hotel chains in Qatar,, Turkey, the United Arab Emirates (UAE), Saudi Arabia, Lebanon, Egypt, Bahrain, Oman, Jordan, Kuwait, and Bahrain, as well as the Kempinski, Millennium, Sheraton, and St Regis in Qatar, Turkey, the United Arab Emirates (UAE), Saudi Arabia, Lebanon, Egypt, Bahrain, Oman, Jordan, Kuwait, and Bahrain was included in the research. 

The hotels all use AirAngel's HSMX Gateway internet technology, which is a British company. Some of the world's most well-known hotel chains are among its clients. Most hotels, stores, restaurants, and cafés need guests to set up an account and fill out their personal information before they may use the internet. It does, however, have some disadvantages. 

Mohsin added, “A public WiFi network is inherently less secure than the one you use at home. It gives hackers access to critical information like banking credentials and account passwords by allowing them to monitor and intercept data transferred across the network.”

Seven years ago, researchers discovered a flaw in hotel routers that affected 277 devices in hotels and convention centres in the US, Singapore, the United Kingdom, the United Arab Emirates, and 25 other countries.
Read more »
WiFi
Asus ASUS Routers attacks Botnet Cyber Attacks Cyclops Blink Routers Russia UK VPN WiFi

This New Russian Cyclops Blink Botnet Targets ASUS Routers

 

Nearly a month after it was discovered that the malware used WatchGuard firewall appliances as a stepping stone to obtaining remote access to infiltrated networks, ASUS routers have been the target of a budding botnet known as Cyclops Blink. 

The botnet's primary objective is to develop an infrastructure for additional attacks on high-value targets, according to Trend Micro, given that none of the compromised hosts belongs to vital organisations or those that have an obvious value on economic, political, or military espionage. 

Cyclops Blink has been identified by intelligence services in the United Kingdom and the United States as a replacement framework for VPNFilter, a malware that has targeted network equipment, especially small office/home office (SOHO) routers and network-attached storage (NAS) devices. 

Sandworm (aka Voodoo Bear), a Russian state-sponsored actor has been linked to both VPNFilter and Cyclops Blink. It has also been tied to several high-profile cyberattacks, including the 2015 and 2016 attacks on the Ukrainian electrical grid, the 2017 NotPetya attack, and the 2018 Olympic Destroyer attack on the Winter Olympic Games. 

The complex modular botnet, c language, affects a variety of ASUS router types, with the company admitting that it is working on a patch to handle any potential exploitation. –  
  • GT-AC5300 firmware under 3.0.0.4.386.xxxx
  • GT-AC2900 firmware under 3.0.0.4.386.xxxx
  • RT-AC5300 firmware under 3.0.0.4.386.xxxx
  • RT-AC88U firmware under 3.0.0.4.386.xxxx
  • RT-AC3100 firmware under 3.0.0.4.386.xxxx
  • RT-AC86U firmware under 3.0.0.4.386.xxxx
  • RT-AC68U, AC68R, AC68W, AC68P firmware under 3.0.0.4.386.xxxx
  • RT-AC66U_B1 firmware under 3.0.0.4.386.xxxx
  • RT-AC3200 firmware under 3.0.0.4.386.xxxx
  • RT-AC2900 firmware under 3.0.0.4.386.xxxx
  • RT-AC1900P, RT-AC1900P firmware under 3.0.0.4.386.xxxx
  • RT-AC87U (end-of-life)
  • RT-AC66U (end-of-life), and
  • RT-AC56U (end-of-life)
Apart from employing OpenSSL to encrypt connections with its command-and-control (C2) servers, Cyclops Blink also includes specific modules that can read and write from the devices' flash memory, allowing it to persist and survive factory resets. A second reconnaissance module acts as a medium for exfiltrating data from the hacked device to the C2 server, while a file download component is responsible for retrieving arbitrary payloads through HTTPS. Although the exact form of initial access is unknown, Cyclops Blink has been affecting WatchGuard and Asus routers in the United States, India, Italy, Canada, and Russia since June 2019. 

A law firm in Europe, a medium-sized entity producing medical equipment for dentists in Southern Europe, and a plumbing company in the United States are among the impacted hosts. Because of the infrequency with which IoT devices and routers are patched and the lack of security software, Trend Micro has warned that this might lead to the establishment of "eternal botnets."

The researchers stated, "Once an IoT device is infected with malware, an attacker can have unrestricted internet access for downloading and deploying more stages of malware for reconnaissance, espionage, proxying, or anything else that the attacker wants to do. In the case of Cyclops Blink, we have seen devices that were compromised for over 30 months (about two and a half years) in a row and were being set up as stable command-and-control servers for other bots."
Read more »
WiFi
Cyber Security News IoT Vulnerabilities and Exploits WiFi

Experts Discovered 226 Security Flaws in Nine Wi-fi Routers

 

Security experts and editors at CHIP (a German IT) have found 226 potential security faults in nine wi-fi routers from authentic manufacturers like AVM, Netgear, Asus, D-Link, TP-Link, Linksys, Edimax, and Synology. TP-Link Archer AX6000 router was the most affected by the flaws, according to cybersecurity experts, besides this, they also found 32 flaws, along with Synology RT-2600ac with 30 defects, and Netgear Nighthawk AX12 having 29 bugs. Experts also discovered around ten vulnerabilities in Netgear Nighthawk AX12, Edimax BR-6473AX, Asus ROG Rapture GT-AX11000, Linksys Velop MR9600, AVM FritzBox 7590 AX, and AVM FritzBox 7530 AX. 

The experts analyzed these network systems with the help of IoT Inspector's security platform, which searched around 1000 CVEs and security vulnerabilities. IoT CEO Jan Wendenburg said "changing passwords on first use and enabling the automatic update function must be standard practice on all IoT devices, whether the device is used at home or in a corporate network. The greatest danger, besides vulnerabilities introduced by manufacturers, is using an IoT device according to the motto ‘plug, play and forget.” 

The most commonly found issues, according to cybersecurity researchers are out-of-date Linux kernel in the firmware, multimedia, and VPN features, existing hard-coded credentials, use of unsafe communication protocols, and weak security passwords. According to the security affairs advisory, "some of the security issues were detected more than once. Very frequently, an outdated operating system, i.e. Linux kernel, is in use. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here. 

The device software used is also commonly found to be outdated, as it all too often relies on standard tools like BusyBox.” Experts observed that not all these faults can be compromised, false positives were also found. Experts discussed their findings with the manufacturers too, most of these vulnerabilities have been patched. Users are suggested to modify factory settings, make sure that devices install auto-updates, and stop functions that are not important.
Read more »
WiFi
Cyber Security Israel Network Security Security Researchers Weak Password WiFi

70% of WiFi Networks in Tel Aviv were Cracked by a Researcher

 

In his hometown of Tel Aviv, a researcher cracked 70% of a 5,000 WiFi network sample, demonstrating that residential networks are extremely vulnerable and easy to hijack. Ido Hoorvitch, a CyberArk security researcher, first strolled about the city center using WiFi sniffing equipment to collect a sample of 5,000 network hashes for the study. 

The researcher then took the use of a vulnerability that allowed the extraction of a PMKID hash, which is typically generated for roaming purposes. Hoorvitch sniffed with WireShark on Ubuntu and utilized a $50 network card that can function as a monitor and a packet injection tool to collect PMKID hashes. 

Although Hoorvitch highlighted that this form of attack does not require such heavy-duty technology, the team deployed a 'monster' cracking rig made up of eight xQUADRO RTX 8000 (48GB) GPUs in CyberArk Labs. The attack is centered on a weakness found by Hashcat's primary developer, Jens 'atom' Steube. This bug can be used to obtain PMKID hashes and crack network passwords.

"Atom’s technique is clientless, making the need to capture a user’s login in real-time and the need for users to connect to the network at all obsolete," explains Hoorvitch in the report. "Furthermore, it only requires the attacker to capture a single frame and eliminate wrong passwords and malformed frames that are disturbing the cracking process." 

The generation and cracking of PMKs with SSIDs and different passphrases can then be used to crack PMKID hashes collected by wireless sniffers with monitor mode enabled. This data is created from the right WiFi password when a PMKID is generated that is equal to the PMKID acquired from an access point. Hoorvitch employed a conversion tool and Hashcat, a password recovery software, after sniffing out PMKID hashes with the Hcxdumptool utility. 

According to Hoorvitch, many Tel Aviv residents use their cellphone numbers as their WiFi password, thus it wasn't long before hashes were cracked, passwords were obtained, and doors to their networks were opened. Each crack on the researcher's laptop took around nine minutes in these circumstances. The team was able to break into over 3,500 WiFi networks in and around Tel Aviv. 

Despite the risk of being hacked, most consumers do not set a strong password for their WiFi networks, according to the report. Passwords should be at least ten characters long, contain a mix of lower and upper case letters, symbols, and numerals, and be unique. Keeping your router firmware up to date will also safeguard your hardware from attacks based on vulnerability exploits, according to the researcher. WAP/WAP1 and other weak encryption protocols should be disabled as well.
Read more »
WiFi
Cyber Security NSA Public Network WiFi

NSA Issues Warning Concerning Public Wi-Fi Networks

 

National Security Agency cautioned public servants against hackers that can benefit from public Wi-Fi in coffee shops, airports, and hotel rooms. 

NSA stated, “The Biden administration would like you to get a vaccine and wear a mask. Oh, and one more thing: It has just proclaimed that it’s time for government employees and contractors to get off public Wi-Fi, where they can pick up another kind of virus.” 

The National Security Agency released a strangely specific warning late last week cautioning that logging in for public Wi-Fi Network “may be convenient to catch up on work or check email,” in a notification to every federal employee, leading defense companies and the 3.4 million uniformed, civil and reserves personnel serving on the military. In an eight-page report, the agency describes how the click on the local coffee shop's network caused problems in a year highlighted by ransomware attacks on pipelines, meatpackers, and even police forces in Washington, DC. 

“Avoid connecting to public Wi-Fi, when possible,” the warning read, stating that even Bluetooth connections can be compromised. 

Officials affirmed that they are completely aware that it is as likely that individuals will listen to the advice as they can be fully veiled outside in a baseball game. However, the message marks a turning moment, with the nation's primary signal intelligence agency aiming to throw on the brakes after a decade in which every restaurant, hotel, or airline has experienced competing for pressures to enhance its free Wi-Fi. 

This risk is not theoretical but is openly recognized and used for various malevolent approaches. The caution lies with readers on videos showing how easy is the use of an unsecured Wi-Fi network, which demands no passwords, yet the password collecting, and mobile phone content is for hackers which they can easily take access of. 

The alert by NSA, without mentioning specific occurrences, includes a warning that criminals or foreign intelligence agencies can generate open Wi-Fi infrastructures that look like they are from a hotel or a coffee house, but certainly are “an evil twin, to mimic the nearby expected public Wi-Fi.” 

Although the sudden surge in a crime or national adversaries exploiting public internet to rob data or to orchestrate hacks did not trigger the National Security Agency's cautions, Officials said. It instead seemed to be part of a much-increased US government's efforts in recent months to make people aware of a variety of technological vulnerabilities. 

Lately, President Biden had signed an Executive Order establishing several Cybersecurity criteria for software firms that sell to the federal government. Federal agencies must implement two-factor authentication as customers receive a text message, with a code, from their bank before entering their account details.
Read more »
Subscribe to: Posts (Atom)